CVSS: 7.8EPSS: 94%CPEs: 444EXPL: 17CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2022-29145 – .NET and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-29145
10 May 2022 — .NET and Visual Studio Denial of Service Vulnerability Una vulnerabilidad de Denegación de Servicio en .NET y Visual Studio. Este ID de CVE es diferente de CVE-2022-23267, CVE-2022-29117 A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the ASP.NET FormFeature.cs causing a denial of service when HTML forms are parsed. .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New ve... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO • CWE-551: Incorrect Behavior Order: Authorization Before Parsing and Canonicalization •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2022-29117 – .NET and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-29117
10 May 2022 — .NET and Visual Studio Denial of Service Vulnerability Una vulnerabilidad de Denegación de Servicio en .NET y Visual Studio. Este ID de CVE es diferente de CVE-2022-23267, CVE-2022-29145 A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of a malicious client that can send MyCookie=chunks-2147483647 without the actual cookie chunks, causing large allocations, exceptions, and excess CPU utilization on the server when it tries to read or delete that many chunks. .NET Core is a man... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO • CWE-565: Reliance on Cookies without Validation and Integrity Checking •
CVSS: 7.5EPSS: 2%CPEs: 12EXPL: 0CVE-2022-23267 – .NET and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-23267
10 May 2022 — .NET and Visual Studio Denial of Service Vulnerability Una vulnerabilidad de Denegación de Servicio en .NET y Visual Studio. Este ID de CVE es diferente de CVE-2022-29117, CVE-2022-29145 A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the Apply MaxResponseHeadersLength limit for trailing headers to address a denial of service via excess memory allocations through the HttpClient. .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs an... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.8EPSS: 0%CPEs: 16EXPL: 0CVE-2022-24512 – .NET and Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-24512
09 Mar 2022 — .NET and Visual Studio Remote Code Execution Vulnerability Una vulnerabilidad de Ejecución de Código Remota en .NET y Visual Studio A flaw was found in dotnet, where a buffer overrun exists in the double parse routine, which could lead to remote code execution. This flaw allows an attacker to execute code remotely on the system, leading to some system compromise. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24512 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2022-24464 – .NET and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-24464
09 Mar 2022 — .NET and Visual Studio Denial of Service Vulnerability Una vulnerabilidad de Denegación de Servicio en .NET y Visual Studio A flaw was found in .NET Core, related to the FormPipeReader. This issue allows remote unauthenticated attackers to cause a denial of service. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address security vulnerabilities are now available. The updated version... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24464 • CWE-1173: Improper Use of Validation Framework •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-21986 – .NET Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-21986
09 Feb 2022 — .NET Denial of Service Vulnerability Una Vulnerabilidad de Denegación de Servicio en .NET A vulnerability was found in dotnet’s ASP.NET Core Krestel when pooling HTTP/2 and HTTP/3 headers. This flaw allows a remote, unauthenticated attacker to cause a denial of service. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21986 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-43877 – ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-43877
15 Dec 2021 — ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability Una vulnerabilidad de Elevación de Privilegios en ASP.NET Core y Visual Studio • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43877 •
CVSS: 5.7EPSS: 7%CPEs: 3EXPL: 0CVE-2021-41355 – .NET Core and Visual Studio Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-41355
13 Oct 2021 — .NET Core and Visual Studio Information Disclosure Vulnerability Una vulnerabilidad de Divulgación de Información en .NET Core y Visual Studio A flaw was found in dotnet, where the System.DirectoryServices.Protocols.LdapConnection sends credentials in plaintext if the Transport Layer Security (TLS) handshake fails. This flaw allows an attacker to intercept sensitive information. The highest threat from this vulnerability is to confidentiality. .NET is a managed-software framework. It implements a subset of ... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41355 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-34485 – .NET Core and Visual Studio Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-34485
12 Aug 2021 — .NET Core and Visual Studio Information Disclosure Vulnerability Una Vulnerabilidad de Divulgación de Información en .NET Core y Visual Studio .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.118 and .NET Runtime 3.1.18. Issues addressed include a denial of service vulnerability. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34485 • CWE-732: Incorrect Permission Assignment for Critical Resource •